package com.origon360.security;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class Origon360DatabaseServerLoginModule extends DatabaseServerLoginModule {
	
	private static final Log log = LogFactory.getLog(Origon360DatabaseServerLoginModule.class);
	
	
	protected boolean validatePassword(String inputPassword, String expectedPassword){
		
		String userSalt = expectedPassword.substring(0, 32);
		
		String expectedSha256Hash = expectedPassword.substring(32);
		
//		if( log.isTraceEnabled()){
			log.info("inputPassword =" +inputPassword);
			log.info("salt=" +userSalt.length() + "length:0 " +userSalt);
			log.info("expected Sha-256 Hash=" + expectedSha256Hash.length()+"length = "+expectedSha256Hash);		
//		}
		
		String inputHash = SHA256CredentialManagerImpl.encryptWithSalt(inputPassword, userSalt);
		
		return expectedSha256Hash.equals(inputHash);
		
	}

}
